| Title | GPAC MP4Box version 2.1-DEV-rev490-g68064e101-master has an Integer Overflow in function lsr_translate_coords at laser/lsr_dec.c |
|---|
| Description | GPAC MP4Box version 2.1-DEV-rev490-g68064e101-master has an Integer Overflow in function lsr_translate_coords at laser/lsr_dec.c:856:27
Details can be obtained from: https://drive.google.com/file/d/1HVWa6IpAbvsMS5rx091RfjUB4GfXrMLE/view?usp=sharing
gdb output:
(gdb) l
851 return 2 * gf_divfix(INT2FIX(val/2), lsr->res_factor);
852 return gf_divfix(INT2FIX(val), lsr->res_factor);
853 }
854 #else
855 if (val >> (nb_bits-1) ) {
856 s32 neg = (s32) val - (1<<nb_bits); //here
857 return gf_divfix(INT2FIX(neg), lsr->res_factor);
858 } else {
859 return gf_divfix(INT2FIX(val), lsr->res_factor);
860 }
(gdb) p val
$1 = 732470
(gdb) p 1<<nb_bits
$2 = 1048576
(gdb) p val - (1<<nb_bits)
$3 = 4294651190
(gdb) p neg
$4 = 24832 |
|---|
| Source | https://drive.google.com/file/d/1HVWa6IpAbvsMS5rx091RfjUB4GfXrMLE/view?usp=sharing |
|---|
| User | Anonymous User |
|---|
| Submission | 11/18/2022 16:31 (4 years ago) |
|---|
| Moderation | 11/29/2022 08:31 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 214518 [GPAC 2.1-DEV-rev490-g68064e101-master laser/lsr_dec.c lsr_translate_coords integer overflow] |
|---|
| Points | 20 |
|---|
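
The arithmetic from the gdb session above, as an added example (not GPAC's code and not part of the submission): it reproduces the wrapped value 4294651190 and shows a range-checked way to sign-extend an `nb_bits`-wide field. The helper names are hypothetical, and `val` is assumed to be an unsigned 32-bit value, as the gdb result suggests.

```c
#include <stdint.h>
#include <stdio.h>

/* Arithmetic as written on line 856 of the listing, assuming val is an
   unsigned 32-bit value: the subtraction wraps modulo 2^32 before the
   result is converted to a signed type. */
static uint32_t wrapped_difference(uint32_t val, uint32_t nb_bits)
{
    return val - ((uint32_t)1 << nb_bits);
}

/* Hypothetical helper: sign-extend an nb_bits-wide two's-complement field
   without unsigned wraparound or out-of-range shifts.
   Returns 0 on success, -1 if nb_bits or val is out of range. */
static int sign_extend_field(uint32_t val, uint32_t nb_bits, int32_t *out)
{
    if (nb_bits == 0 || nb_bits > 31)
        return -1;                 /* shifts by nb_bits-1 / nb_bits would be invalid */
    uint32_t limit = (uint32_t)1 << nb_bits;
    if (val >= limit)
        return -1;                 /* value does not fit in the declared width */
    if (val >> (nb_bits - 1))      /* sign bit of the field is set */
        *out = (int32_t)((int64_t)val - (int64_t)limit);
    else
        *out = (int32_t)val;
    return 0;
}

int main(void)
{
    /* Values taken from the gdb output: val = 732470, 1<<nb_bits = 1048576 */
    uint32_t val = 732470u, nb_bits = 20;
    int32_t neg = 0;

    printf("wrapped unsigned result: %lu\n",
           (unsigned long)wrapped_difference(val, nb_bits));
    if (sign_extend_field(val, nb_bits, &neg) == 0)
        printf("range-checked signed result: %ld\n", (long)neg);
    return 0;
}
```

The wide-integer subtraction yields the signed value directly, so no unsigned wraparound occurs and invalid widths are rejected before any shift.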